CSRF in Technologicx Add_custom_css_and_js

CVE-2024-3903

The Add Custom CSS and JS WordPress plugin through 1.20 does not have a CSRF check in some places and is missing sanitisation as well as escaping, which could allow attackers to make users logged in as author or above add Stored XSS payloads via…
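The description names three missing controls: a CSRF check on a state-changing request, sanitisation of the submitted value, and escaping where it is printed back. The following is an added illustration written for this page, not code from the Add Custom CSS and JS plugin; it shows a hypothetical WordPress settings handler in the vulnerable shape beside the hardened one. The option name `acme_custom_snippet`, the hook `admin_post_acme_save_snippet`, the field names `snippet_title` / `snippet_code` and the nonce action `acme_save_snippet` are all assumptions.

```php
<?php
/*
 * Added illustration for this advisory (not the plugin's own code).
 * Hypothetical plugin: an admin page that stores one custom snippet
 * (title + code) in the 'acme_custom_snippet' option and prints the
 * title back on the page. All names below are assumptions.
 */

/* ---------- Vulnerable shape: the three gaps the advisory describes ---------- */

// (1) No CSRF check: a POST originating from an attacker-controlled page is
//     processed as long as the victim's WordPress auth cookie rides along.
// (2) No sanitisation: the submitted values are stored verbatim.
// (3) No escaping: the stored title is printed straight into HTML.
function acme_save_snippet_vulnerable() {
    $title = $_POST['snippet_title'] ?? '';
    $code  = $_POST['snippet_code'] ?? '';
    update_option( 'acme_custom_snippet', array( 'title' => $title, 'code' => $code ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=acme-snippet' ) );
    exit;
}

function acme_render_title_vulnerable() {
    $s = get_option( 'acme_custom_snippet', array( 'title' => '' ) );
    echo '<h2>Snippet: ' . $s['title'] . '</h2>'; // stored XSS sink
}

/* ---------- Hardened shape ---------- */

function acme_save_snippet_hardened() {
    // CSRF: the form must carry a nonce bound to this action and to the
    // logged-in user; check_admin_referer() stops the request otherwise.
    check_admin_referer( 'acme_save_snippet', 'acme_nonce' );

    // Authorisation is separate from CSRF: only users already allowed to
    // publish unfiltered HTML/JS may store raw script (design choice here).
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // Sanitise at the input boundary. The code field is script by design for
    // this kind of plugin, so it is gated by the capability check above; the
    // title is plain text and is reduced to plain text.
    $title = sanitize_text_field( wp_unslash( $_POST['snippet_title'] ?? '' ) );
    $code  = wp_unslash( $_POST['snippet_code'] ?? '' );

    update_option( 'acme_custom_snippet', array( 'title' => $title, 'code' => $code ) );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=acme-snippet' ) ) );
    exit;
}

function acme_render_title_hardened() {
    $s = get_option( 'acme_custom_snippet', array( 'title' => '' ) );
    // Escape at the output sink, for the HTML body context it is printed into.
    echo '<h2>Snippet: ' . esc_html( $s['title'] ) . '</h2>';
}

function acme_render_form_hardened() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="acme_save_snippet">';
    wp_nonce_field( 'acme_save_snippet', 'acme_nonce' ); // emits the nonce input
    echo '<input name="snippet_title" type="text">';
    echo '<textarea name="snippet_code"></textarea>';
    submit_button( 'Save' );
    echo '</form>';
}

add_action( 'admin_post_acme_save_snippet', 'acme_save_snippet_hardened' );
```

The nonce check alone closes the CSRF vector, because an attacker's page cannot read the victim's nonce. The capability check and the sanitise-on-input / escape-on-output pair are what keep a legitimately authenticated but low-privileged user from turning the same handler into a stored XSS.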

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.002 (11.5th percentile), i.e. an estimated 0.2% probability of exploitation activity in the wild within the next 30 days.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vector reflects the CSRF delivery: the attacker needs no account of their own (PR:N) but must get a logged-in author or higher to open a crafted page (UI:R); scope is changed (S:C) because the stored payload later executes in other users' browsers, outside the WordPress application's own authorization scope.

Affected products

  • Add Custom CSS and JS WordPress plugin (vendor listed as Technologicx), versions through 1.20

Weakness classification (CWE)

  • CWE-352: Cross-Site Request Forgery (CSRF), the class given above; the resulting payload is stored XSS (CWE-79)

References

  • WPScan advisory (contact@wpscan.com): Exploit, Technical Description, Third Party Advisory, VDB Entry

Frequently asked questions

What is CVE-2024-3903?
CVE-2024-3903 is a high-severity vulnerability in the Add Custom CSS and JS WordPress plugin (vendor listed as Technologicx), classified under Cross-Site Request Forgery (CSRF). CVSS v3 base score: 7.1/10. Published 2024-05-14.
How severe is CVE-2024-3903?
High severity. CVSS v3 base score is 7.1 out of 10.